<?php

/**
 * @author dungdhs@gmail.com
 * @copyright 2012
 */

function uploader_task(){
  return array(
    'upload' => array(
      'func'  => '_uploader_upload',
      'perm'  => 'file upload'  
    ),
    'product' => array(
      'func'  => '_uploader_product',
      'perm'  => 'file upload'  
    )
  );
}

function _uploader_upload(){
  $path = 'files/'.date('Ymd'); file_check_dir($path);
  $path = 'files/'.date('Ymd').'/'.time()."_".$_FILES['upload']['name'];
  $url = PG_ROOT.$path;
 //extensive suitability check before doing anything with the file...
  if (($_FILES['upload'] == "none") OR (empty($_FILES['upload']['name'])) ){
     $message = "No file uploaded.";
  }else if ($_FILES['upload']["size"] == 0){
     $message = "The file is of zero length.";
  }else if (($_FILES['upload']["type"] != "image/pjpeg") AND ($_FILES['upload']["type"] != "image/jpeg") AND ($_FILES['upload']["type"] != "image/png")){
     $message = "The image must be in either JPG or PNG format. Please upload a JPG or PNG instead.";
  }else if (!is_uploaded_file($_FILES['upload']["tmp_name"])){
     $message = "You may be attempting to hack our server. We're on to you; expect a knock on the door sometime soon.";
  } else {
    $message = "";
    $move = @ move_uploaded_file($_FILES['upload']['tmp_name'], $url);
    if(!$move){
       $message = "Error moving uploaded file. Check the script is granted Read/Write/Modify permissions.";
    }
  }
 
  $funcNum = $_GET['CKEditorFuncNum'] ;
  echo "<script type='text/javascript'>window.parent.CKEDITOR.tools.callFunction($funcNum, '".l($path)."', '$message');</script>"; exit();
}

function _uploader_product(){
  header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
  header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
  header("Cache-Control: no-store, no-cache, must-revalidate");
  header("Cache-Control: post-check=0, pre-check=0", false);
  header("Pragma: no-cache");
  
  $dirPath = 'files/'.date('Ymd', time());
  file_check_dir($dirPath);
  
  // Settings
  $targetDir = PG_ROOT . $dirPath;
  //$targetDir = 'uploads';
  
  $cleanupTargetDir = true; // Remove old files
  $maxFileAge = 5 * 3600; // Temp file age in seconds
  
  // 5 minutes execution time
  @set_time_limit(5 * 60);
  
  // Uncomment this one to fake upload time
  // usleep(5000);
  
  // Get parameters
  $chunk = isset($_REQUEST["chunk"]) ? intval($_REQUEST["chunk"]) : 0;
  $chunks = isset($_REQUEST["chunks"]) ? intval($_REQUEST["chunks"]) : 0;
  $fileName = isset($_REQUEST["name"]) ? $_REQUEST["name"] : '';
  
  // Clean the fileName for security reasons
  $fileName = preg_replace('/[^\w\._]+/', '_', $fileName);
  
  // Make sure the fileName is unique but only if chunking is disabled
  if ($chunks < 2 && file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName)) {
  	$ext = strrpos($fileName, '.');
  	$fileName_a = substr($fileName, 0, $ext);
  	$fileName_b = substr($fileName, $ext);
  
  	$count = 1;
  	while (file_exists($targetDir . DIRECTORY_SEPARATOR . $fileName_a . '_' . $count . $fileName_b))
  		$count++;
  
  	$fileName = $fileName_a . '_' . $count . $fileName_b;
  }
  
  $filePath = $targetDir . DIRECTORY_SEPARATOR . $fileName;
  
  // Remove old temp files	
  if ($cleanupTargetDir && is_dir($targetDir) && ($dir = opendir($targetDir))) {
  	while (($file = readdir($dir)) !== false) {
  		$tmpfilePath = $targetDir . DIRECTORY_SEPARATOR . $file;
  
  		// Remove temp file if it is older than the max age and is not the current file
  		if (preg_match('/\.part$/', $file) && (filemtime($tmpfilePath) < time() - $maxFileAge) && ($tmpfilePath != "{$filePath}.part")) {
  			@unlink($tmpfilePath);
  		}
  	}
  
  	closedir($dir);
  } else
  	die('{"jsonrpc" : "2.0", "error" : {"code": 100, "message": "Failed to open temp directory."}, "id" : "id"}');
  	
  
  // Look for the content type header
  if (isset($_SERVER["HTTP_CONTENT_TYPE"]))
  	$contentType = $_SERVER["HTTP_CONTENT_TYPE"];
  
  if (isset($_SERVER["CONTENT_TYPE"]))
  	$contentType = $_SERVER["CONTENT_TYPE"];
  
  // Handle non multipart uploads older WebKit versions didn't support multipart in HTML5
  if (strpos($contentType, "multipart") !== false) {
  	if (isset($_FILES['file']['tmp_name']) && is_uploaded_file($_FILES['file']['tmp_name'])) {
  		// Open temp file
  		$out = fopen("{$filePath}.part", $chunk == 0 ? "wb" : "ab");
  		if ($out) {
  			// Read binary input stream and append it to temp file
  			$in = fopen($_FILES['file']['tmp_name'], "rb");
  
  			if ($in) {
  				while ($buff = fread($in, 4096))
  					fwrite($out, $buff);
  			} else
  				die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
  			fclose($in);
  			fclose($out);
  			@unlink($_FILES['file']['tmp_name']);
  		} else
  			die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
  	} else
  		die('{"jsonrpc" : "2.0", "error" : {"code": 103, "message": "Failed to move uploaded file."}, "id" : "id"}');
  } else {
  	// Open temp file
  	$out = fopen("{$filePath}.part", $chunk == 0 ? "wb" : "ab");
  	if ($out) {
  		// Read binary input stream and append it to temp file
  		$in = fopen("php://input", "rb");
  
  		if ($in) {
  			while ($buff = fread($in, 4096))
  				fwrite($out, $buff);
  		} else
  			die('{"jsonrpc" : "2.0", "error" : {"code": 101, "message": "Failed to open input stream."}, "id" : "id"}');
  
  		fclose($in);
  		fclose($out);
  	} else
  		die('{"jsonrpc" : "2.0", "error" : {"code": 102, "message": "Failed to open output stream."}, "id" : "id"}');
  }
  
  $fid = 0;
  // Check if file has been uploaded
  if (!$chunks || $chunk == $chunks - 1) {
  	// Strip the temp .part suffix off 
  	rename("{$filePath}.part", $filePath);
    global $database;
    
    $database->db_query("INSERT INTO product_images(image_path, image_created) VALUES ('%s', %d)", $dirPath.'/'.$fileName, time());
    $fid = $database->db_insert_id();
  }
  
  
  // Return JSON-RPC response
  die('{"jsonrpc" : "2.0", "result" : '.$fid.', "id" : "id"}');
}

?>